Improving URLs for Oracle GoldenGate Microservices using a Reverse Proxy
Oracle GoldenGate finally has a GUI/Web Page interface to work with the product. This has been a long over due and welcomed feature that was initally released with Oracle GoldenGate Microservices in 12.3. Since 12.3 and through 19.1, the Oracle GoldenGate team has been preaching the simplicity and securty benefits of using a reverse proxy to simplify the URLs that are used with Oracle GoldenGate Microservices. Afterall, using a reverse proxy is a great way to simplify the architecture and allow you quick access to resources using shorter URLs.
After setting up Oracle GoldenGate Microservices, you can access the ServiceManage by using a URL that looks like:
http(s)://<host>:<port>
In my environment, this URL would look like this:
https://localhost:16000
As you can tell, I can get to the ServiceManager page on port 16000 (you set the port, we don’t set default ports although we tell people 9000). Which is easy to access, but how would I access any of the other services provided by Oracle GoldenGate Microservices? The URLs to access the other services would just require changing the port number.
In my envionrment, I would just use URLs like this:
https://localhost:16001 <- Administration Service
https://localhost:16002 <- Distribution Service
https://localhost:16003 <- Receiver Service
https://localhost:16004 <- Performance Metric Service
Not very elegant and who wants to remember port numbers? Especially when you may have multiple deployments on a single host. Much less asking your firewall admin to open ports…we all know how those grumpy bears are! How can we improve on this? The answer is simple, just use a reverse proxy to consolidate ports down to a single, standard port.
To make this easier to setup, we provide a utility when you install Oracle GoldenGate Microservices called ReverseProxySettings. This file can be found in the Oracle GoldenGate Microservices Home ($OGG_HOME/lib/utl/reverseproxy). This utility will do the initial configuration of an Nginx Reverse Proxy and allow access to a single port. The default port that is used is HTTPS (443).
To implement the Nginx Reverse Proxy, you first have to install NGINX. This done by pulling it from your Linux yum repository.
yum -y install nginx
After installing Nginx, then you will need to run the ReverseProxySettings utility. The utility requires the following items:
Oracle GoldenGate ServiceManager Login – This is the “security” role user
Password for the security role user
URL with port number for the ServiceManager
To run the script, it would look something similar to this:
cd $OGG_HOME/lib/utl/reverseproxy ./ReverseProxySettings -u oggadmin -P ********* -o ogg.conf https://localhost:16000
The ogg.conf file will be created in the directory where you ran the RegisterProxySettings script. This is the configuration file for Nginx Reverse Proxy. You can also use this file to model other reverse proxies, but Oracle is only going to support the Nginx version.
Once you ahve the ogg.conf file, you need to either be root or have sudo access to configure the Reverse Proxy. In this example, I’m using the sudo approach as the Oracle user.
To configure the Nginx Reverse Proxy, perform the following steps:
sudo cp ogg.conf /etc/nginx/conf.d/nginx.conf sudo sh /etc/ssl/certs/make-dummy-cert /etc/nginx/ogg.pem sudo nginx sudo nginx -t sudo nginx -s reload
After configuring the Reverse Proxy and starting the processes, you will be able ot access the ServiceManager without the port number. In this example, that would be:
https://localhost
Notice that the URL is shorter due to the port number being gone. Yes, I know it says it is un-secure, but that is due to the certficicate for the localhost. The enviornment is still encrypted between source -and-target. Will write another post at some point on how to fix that 🙂
Where the reall benefit of these short URLs while using the Reverse Proxy is with the deployments. Typically when you want to access a deployment, you would need to do something like this:
https://localhost:16001
With the Reverse Proxy, I can now bypass the port number and drill directly down into the deployment I would like to use. Check this out:
https://localhost/Atlanta/adminsrvr
This URL will take me directly to the Adminsitration Service for the Atlanta deployment.
With simplified URLs, I can easily administror Oracle GoldenGate from any remote location using the web pages without needing to remember port numbers. Which greatly simplifys the footprint of Oracle GoldenGate. Additionally, your firewall administrators will love you for making their life easier!
Enjoy!!!
Current Oracle Certs
Bobby Curtis
I’m Bobby Curtis and I’m just your normal average guy who has been working in the technology field for awhile (started when I was 18 with the US Army). The goal of this blog has changed a bit over the years. Initially, it was a general blog where I wrote thoughts down. Then it changed to focus on the Oracle Database, Oracle Enterprise Manager, and eventually Oracle GoldenGate.
If you want to follow me on a more timely manner, I can be followed on twitter at @dbasolved or on LinkedIn under “Bobby Curtis MBA”.
Wonderful work! That is the type of info that should be shared
around the internet. Shame on the search engines for now not
positioning this publish upper! Come on over and seek advice from my web site .
Thanks =)
Hey would you mind letting me know which webhost you’re utilizing?
I’ve loaded your blog in 3 different browsers and I must say this blog loads a lot faster then most.
Can you suggest a good web hosting provider at a honest price?
Many thanks, I appreciate it!
Nice post. I learn something new and challenging on blogs I stumbleupon on a daily basis.
It will always be helpful to read through articles from other writers and practice a
little something from other sites.
This is really interesting, You’re a very skilled blogger.
I have joined your rss feed and look forward to seeking more of your fantastic post.
Also, I’ve shared your website in my social networks!
This information is invaluable. When can I find out more?
Excellent way of describing, and nice piece of writing to obtain facts on the topic of
my presentation focus, which i am going to convey in academy.
Its like you read my mind! You appear to know a lot about this, such as you wrote the ebook in it or something.
I think that you simply can do with some percent to pressure the message house a little bit, but instead of that, this is excellent blog.
A great read. I’ll definitely be back.
I have to thank you for the efforts you have put in writing this
website. I’m hoping to see the same high-grade blog posts from you in the future as
well. In fact, your creative writing abilities has motivated me to get my own, personal website now 😉
I’m not sure why but this weblog is loading extremely slow for me.
Is anyone else having this issue or is it a issue on my end?
I’ll check back later on and see if the problem still exists.
Hi, I wish for to subscribe for this webpage to obtain newest updates, so where can i do it
please help.
Here is my web blog :: Tavor TS12 Semi-Auto Bullpup Shotgun
Thanks for another magnificent article. The place else could anyone
get that type of information in such an ideal manner of writing?
I’ve a presentation subsequent week, and
I am on the search for such info.